How To Install Nginx Proxy Manager on Rocky Linux 9

Nginx Proxy Manager offers an accessible and user-friendly approach to handling reverse proxies. Many administrators favor this solution for its clean web-based interface, SSL certificate management, and comprehensive features. On Rocky Linux 9, it integrates smoothly thanks to Docker and Docker Compose, allowing flexible configuration of proxy hosts without deep knowledge of traditional Nginx files.

Rocky Linux 9 is often chosen for enterprise-level systems requiring reliability and stability. By installing Nginx Proxy Manager, it becomes easier to manage multiple websites or services under a single server, simplifying workflow and alleviating the need to memorize intricate Nginx directives. This reverse proxy solution handles SSL certificates seamlessly by integrating with Let’s Encrypt, keeping websites secure with minimal effort.

Achieving a clean and organized server environment is vital when hosting various web applications or subdomains. Nginx Proxy Manager’s streamlined dashboard provides a modern user experience. Each feature, from restricting access based on IP addresses to generating SSL certificates, is readily available in one interface. Its design promotes best practices, promotes security, and reduces manual overhead.

The sections below detail every step required to install and configure Nginx Proxy Manager on Rocky Linux 9. Instructions include system preparation, Docker setup, firewall configuration, certificate options, troubleshooting, and more. By following these steps, advanced setups can be achieved quickly, ensuring a functional, secure, and efficient proxy environment.

System Requirements and Prerequisites

Before installing Nginx Proxy Manager, verify that the Rocky Linux 9 system meets the recommended hardware requirements. A typical setup runs efficiently with at least 1 GB of RAM and a few gigabytes of free disk space, though more resources are advisable for multiple websites or high-traffic services. A stable network connection is essential for fetching and updating Docker images.

Rocky Linux 9 should have an updated package index to avoid compatibility issues. Elevated user privileges, such as root or a sudo-enabled account, are vital for installing and configuring services. Docker must be installed since Nginx Proxy Manager runs containerized. Docker Compose is also required for orchestrating multiple containers effortlessly. Additionally, firewall rules must allow HTTP (port 80) and HTTPS (port 443) traffic, as these are critical for standard web requests and certificate renewals. Opening the default management interface port (81) for Nginx Proxy Manager ensures web dashboard accessibility.

Preparing the Environment

A well-prepared environment eliminates many issues that can arise during installation or configuration. Start by updating and upgrading system packages to guarantee smooth installations. From a terminal, run:

sudo dnf update -y
sudo dnf upgrade -y

This step ensures critical dependencies are modern enough to support Docker and related utilities. Safety and security patches are also applied, protecting the server from known vulnerabilities.

Next, download and install Docker. Although Rocky Linux might already include Docker in its repositories, installing the latest version from official sources is often beneficial. Enable the Docker repository, install Docker, then start and enable it at system boot. For convenience, a typical installation involves:

sudo dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
sudo dnf install docker-ce docker-ce-cli containerd.io -y
sudo systemctl start docker
sudo systemctl enable docker

Verify Docker’s functionality by running:

sudo docker run hello-world

Next, install Docker Compose. Although some distributions include Docker Compose, installing it using a package manager or a standalone binary can provide a stable version. One example:

sudo dnf install docker-compose

Alternatively, a direct binary approach from GitHub can deliver the latest Compose release. Confirm Docker Compose is installed correctly:

docker-compose --version

With Docker and Docker Compose in place, the core environment is ready for deploying Nginx Proxy Manager.

Installing Nginx Proxy Manager

Installing Nginx Proxy Manager on Rocky Linux 9 involves configuring a Docker Compose file that spins up both the application container and a database container. This method keeps all components isolated and organized.

Begin by creating a dedicated network for the containers to communicate with each other. A custom Docker network reduces the risk of conflicts with other services:

sudo docker network create npm_network

With the network prepared, create a folder specifically for Nginx Proxy Manager. This directory will store all configuration files, including Docker Compose:

mkdir ~/nginx-proxy-manager
cd ~/nginx-proxy-manager

Inside this directory, create a file named docker-compose.yml:

nano docker-compose.yml

Populate docker-compose.yml with the following content:

version: '3'
services:
  db:
    image: 'jc21/mariadb-aria:latest'
    container_name: npm_db
    environment:
      MYSQL_ROOT_PASSWORD: <root_db_password>
      MYSQL_DATABASE: npm
      MYSQL_USER: npm
      MYSQL_PASSWORD: <npm_db_password>
    volumes:
      - ./data/mysql:/var/lib/mysql
    networks:
      - npm_network

  app:
    image: 'jc21/nginx-proxy-manager:latest'
    container_name: npm_app
    restart: unless-stopped
    ports:
      - "80:80"
      - "81:81"
      - "443:443"
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    networks:
      - npm_network

networks:
  npm_network:
    external: true

Replace <root_db_password> and <npm_db_password> with strong passwords. This ensures database security and prevents unauthorized access. The ports section forwards the host machine’s ports 80, 81, and 443 into the corresponding container ports, enabling HTTP, a management interface, and HTTPS traffic.

Save and exit the file. Then start the containers:

docker-compose up -d

This command pulls the necessary images if they are not already downloaded, creates containers, and launches them in the background. Check the current status of containers by running:

docker-compose ps

If everything is functioning correctly, both the db container and app container appear as “Up.” This indicates that Nginx Proxy Manager is running on Rocky Linux 9.

At this point, the basic installation is complete. The next steps focus on the initial configuration, ensuring the service is properly accessible, and implementing recommended security measures. Firewall adjustments and SELinux considerations may also be relevant, depending on the environment’s existing configuration.

Initial Configuration

Once the containers are running, opening a web browser is the next step. Enter the IP address or domain associated with the Rocky Linux 9 server, followed by :81. The default URL might look like:

http://server-IP:81

A login screen should appear. The default credentials for Nginx Proxy Manager are:

• Username: admin@example.com
• Password: changeme

After logging in for the first time, immediately change these credentials to maintain security. Locate the “Users” section within the interface, then update the email address and password to a unique combination.

Further adjustments might be necessary when working with Rocky Linux 9’s firewall settings. Typically, firewalld manages ports and rules. Open necessary ports (80, 443, 81) to ensure traffic is not blocked. For instance:

sudo firewall-cmd --zone=public --permanent --add-port=80/tcp
sudo firewall-cmd --zone=public --permanent --add-port=443/tcp
sudo firewall-cmd --zone=public --permanent --add-port=81/tcp
sudo firewall-cmd --reload

Additionally, SELinux can enforce strict security policies that interfere with container operations. If challenges arise while setting up Nginx Proxy Manager or the containers fail to connect, review SELinux logs or consider adjusting the SELinux policy or switching it to permissive mode (if consistent with organizational security requirements). However, carefully weigh the benefits before altering SELinux modes.

At this stage, Nginx Proxy Manager’s web interface is operational. The next section highlights performing essential tasks, such as creating proxy hosts and leveraging the simple yet powerful dashboard.

Basic Configuration and Usage

The Nginx Proxy Manager dashboard is designed to simplify management tasks through an intuitive layout. Immediately after logging in, the main panel presents options for adding proxy hosts, redirection hosts, streams, and more. To configure a new proxy host, follow these steps:

1. Click “Proxy Hosts”: This tab lists existing entries, if any.
2. Add Proxy Host: Specify a domain name or subdomain. Point it to the internal IP address or container where the web application is running.
3. Set Scheme: Choose “http” or “https.” This depends on the backend service’s protocol.
4. Access List: Restrict or allow traffic from specific IP addresses, if desired.
5. SSL Certificates: Request and configure Let’s Encrypt certificates or provide custom certificates. For Let’s Encrypt, ensure DNS records properly direct the domain to the server’s IP address.
6. Save: Confirm the configuration to finalize your new proxy host.

This process offers a convenient way to serve multiple subdomains or services behind a single Rocky Linux 9 server without editing complex Nginx configuration files manually. Each proxy host can have security rules, caching, or rewriting policies applied to it.

Nginx Proxy Manager’s interface also includes a detailed logs feature. Reviewing access logs or error logs can simplify troubleshooting. Observing logs can confirm that traffic flows correctly. Any misconfigurations or missing DNS entries typically manifest here as connection or SSL handshake errors.

This straightforward approach to managing proxy hosts encourages the creation of robust, modular architectures. Web services become easier to maintain and scale, especially when new subdomains or multiple containers are introduced.

Advanced Configuration

While Nginx Proxy Manager functions smoothly with its default settings, advanced configurations accelerate performance and tighten security. SSL certificate management stands out among such options. Integrating Let’s Encrypt automates certificate renewals. By checking the “Force SSL” option, all traffic can be redirected to HTTPS, enhancing end-to-end encryption.

For more elaborate use cases, custom SSL certificates offer greater control. Some organizations rely on internal certificate authorities or specialized providers. Simply upload these certificates through the Nginx Proxy Manager UI, then assign them to specific proxies.

Access lists add an additional layer of protection by granting or denying access to certain IP ranges. This feature is ideal for staging websites, admin-only dashboards, or internal development environments. Combine it with easy DNS management to create subdomains used only within an internal network.

When running resource-intensive applications, load-balancing and caching may also be implemented to accommodate spikes in traffic. Fine-tuning these aspects can reduce overhead and speed up page loads.

Troubleshooting and Maintenance

In the event of issues, checking container logs is the first step. Either use the Nginx Proxy Manager dashboard or run docker-compose logs -f app to spot error messages. Common pitfalls include incorrect DNS entries, firewall blocking, or wrong upstream settings.

Backing up the configuration is simple: keep regular copies of the data directories and the mysql container’s contents. Restoring only requires placing these files back into their original locations and rerunning the containers.

To update, pull the new image, and run docker-compose pull followed by docker-compose up -d. This approach updates both the application and database images to their latest versions.

Congratulations! You have successfully installed Nginx Proxy Manager. Thanks for using this tutorial for installing Nginx Proxy Manager on Rocky Linux 9 system. For additional help or useful information, we recommend you check the official Nginx website.